We have an existing database, and need to implement role-based access control with IdentityServer4 and .NET Core.
My questions are:
1. Does IdentityServer4 support RBAC? E.g. is it via the scope claim? How should it be implemented?
2. Can I use the existing database, or must I create a new database?
Any advice or code sample would be appreciated.
https://github.com/IdentityServer/IdentityServer4.Samples/tree/master/Quickstarts/7_EntityFrameworkStorage
Update:
We are implementing the Resource Owner Password grant type and RBAC.
Any advice or links to code samples would be appreciated.
On the IdentityServer side, you can create a profile service to make IDS4 include the role claim when issuing tokens.
For example, if using ASP.NET Identity to manage users/roles, you can create a profile service like:
```csharp
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4.Models;
using IdentityServer4.Services;

public class MyProfileService : IProfileService
{
    public MyProfileService()
    { }

    public Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        // Copy the role claims of the authenticated user into the token being issued.
        var roleClaims = context.Subject.FindAll(JwtClaimTypes.Role);
        context.IssuedClaims.AddRange(roleClaims);
        return Task.CompletedTask;
    }

    public Task IsActiveAsync(IsActiveContext context)
    {
        // context.IsActive defaults to true; set it to false here to block disabled users.
        return Task.CompletedTask;
    }
}
```
And register it in Startup.cs:
```csharp
services.AddTransient<IProfileService, MyProfileService>();
```
On the client side, you should map the role claim from your JWT token and try the config below in the AddOpenIdConnect middleware:
```csharp
options.ClaimActions.MapJsonKey("role", "role", "role");
options.TokenValidationParameters.RoleClaimType = "role";
```
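The remaining pieces that have to line up with the profile service above for the Resource Owner Password flow asked about in the question: the API resource must list `role` as a user claim, the RO client must be allowed that scope, and the API must validate the token and be told which claim carries roles. This is an added illustration, not code from the question or the answer; the names `api1`, `ro.client`, the authority URL, the `admin` role and the placeholder secret are assumptions, and the resource configuration follows the IdentityServer4 3.x style.

```csharp
// Added example (assumed names: api1, ro.client, https://localhost:5001, role "admin").
using System.Linq;
using IdentityModel;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

// IdentityServer side: api1 is allowed to receive the role claim, and the
// Resource Owner Password client may request the api1 scope.
public static class Config
{
    public static ApiResource[] Apis => new[]
    {
        new ApiResource("api1", "Example API") { UserClaims = { JwtClaimTypes.Role } }
    };

    public static Client[] Clients => new[]
    {
        new Client
        {
            ClientId = "ro.client",
            AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
            ClientSecrets = { new Secret("CHANGE-ME-placeholder-secret".Sha256()) },
            AllowedScopes = { "api1" }
        }
    };
}

// API side: validate bearer tokens from IdentityServer and map the "role" claim
// so that [Authorize(Roles = ...)] works.
public static class ApiAuth
{
    public static void Configure(IServiceCollection services) =>
        services.AddAuthentication("Bearer")
            .AddJwtBearer("Bearer", o =>
            {
                o.Authority = "https://localhost:5001";   // assumed IdentityServer address
                o.Audience = "api1";
                o.TokenValidationParameters.RoleClaimType = JwtClaimTypes.Role;
            });
}

[ApiController, Route("admin")]
public class AdminController : ControllerBase
{
    [HttpGet, Authorize(Roles = "admin")]   // enforced from the "role" claim in the JWT
    public IActionResult Get() => Ok(User.FindAll(JwtClaimTypes.Role).Select(c => c.Value));
}
```

If the default profile service is used instead of the custom one above, the role claim only reaches the token because `UserClaims` on the API resource requests it; with the custom service every role of the user is copied regardless of what was requested.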